Are Microsoft Products Safe?
Mike Hudack Editor-in-Chief
The news lately has been peppered with reports of security breaches -- two malicious worms, one malicious virus and, in the more exclusive circles of computer security expertise, reports of server bugs and workable exploits. Interestingly, the two worms and the virus all affected only Microsoft products.
Obviously, a company which controls operating systems for the home, and for much of business, will have a disproportionate amount of publicity surrounding it. In fact, the number of exploits and bugs available for Windows 95, 98 and NT is much smaller than the number for UNIX. The trouble, however, is that these problems are exacerbated by the sheer volume of vulnerable systems.
The first major problem to hit the mainstream was the Melissa virus. To be infected, a machine had to be using both Microsoft Word and a Microsoft e-mail program. This virus / worm was possible because of the close interoperability of Microsoft products.
The second major problem to hit the mainstream was the Chernobyl virus, which required a Microsoft operating system to infect the BIOS of your computer. The BIOS is the set of startup instructions stored on your computer's motherboard -- without a working BIOS, your computer cannot start up.
The third major, highly publicized problem was the Explore.Zip virus / worm. In order to be infected by the worm, all you need to do is run a file attachment -- as long as that attachment is run on a computer using a Microsoft operating system. The virus then spreads itself using Microsoft's network interface software and Microsoft's e-mail software -- without Microsoft, the virus would not only stop working but would stop spreading.
Recently, the eEye Digital Security Team discovered a new exploit for the Microsoft Information Server, which runs on Microsoft Windows NT. The exploit allows a remote user to run any code he wishes on the Information Server. Microsoft Information Server is used as a Web server on 90% of the computers running Windows NT.
Is the problem simply that Microsoft has so many programs at such a high profile that the bugs are more publicized? No, says Punkis, a computer security consultant. He says, "It's obvious to me that security generally isn't an issue in Microsoft products." In other words, Microsoft just doesn't care about security.
The exploit released by eEye was "not too difficult [to write], anyone with a running knowledge of assembler and with a little background on buffer overflows can accomplish the feat. Although buffer exploits on 9x/NT are quite a bit different than UNIX etc, NT's still pretty much untouched ground.. compared to the 100's of exploits for UNIX," according to Dark Spyrit, the author of the exploit. He goes on to say, "It just amazes me how huge companies blindly trust Microsoft software to protect them, without any knowledge of what goes on in the background.. holes like this are inexcusable, how they allowed it to slip by with all the testing their products go through I don't know."
A Microsoft employee, who wishes to remain anonymous for obvious reasons, told OSAll, "Security wasn't much of a concern except in Windows NT. And even there we don't have much. With all this crap though, we're working on some new stuff for regular [consumers]."
Windows has traditionally been left alone by hackers looking for security problems, but that's changing quickly. According to one cracker who wishes to remain anonymous, "[Microsoft products] are becoming so easy to hit... They're becoming more common... That's why I'm paying more attention to [Windows]."
At this point, Microsoft is starting to take notice -- computer security is becoming a large, mainstream issue. In fact, according to an informal survey of computer users, security will become a major part of their decision when they next buy a computer. Furthermore, as Windows NT gains popularity as a Web server operating system, security is of course becoming more important in NT.